ID

VAR-202007-1107


CVE

CVE-2020-6280


TITLE

SAP NetWeaver and ABAP Platform Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2020-007640

DESCRIPTION

SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information Disclosure. SAP NetWeaver (ABAP Server) and ABAP Platform There is an information leakage vulnerability in.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2020-6280 // JVNDB: JVNDB-2020-007640

AFFECTED PRODUCTS

vendor:sapmodel:abap platformscope:eqversion:7.31

Trust: 1.0

vendor:sapmodel:abap platformscope:eqversion:7.40

Trust: 1.0

vendor:sapmodel:netweaver as abapscope:eqversion:750

Trust: 1.0

vendor:sapmodel:netweaver as abapscope:eqversion:731

Trust: 1.0

vendor:sapmodel:netweaver as abapscope:eqversion:740

Trust: 1.0

vendor:sapmodel:abap platformscope:eqversion:7.50

Trust: 1.0

vendor:sapmodel:abap platformscope:eqversion:731

Trust: 0.8

vendor:sapmodel:abap platformscope:eqversion:740

Trust: 0.8

vendor:sapmodel:abap platformscope:eqversion:750

Trust: 0.8

vendor:sapmodel:netweaver application server abapscope:eqversion:731

Trust: 0.8

vendor:sapmodel:netweaver application server abapscope:eqversion:740

Trust: 0.8

vendor:sapmodel:netweaver application server abapscope:eqversion:750

Trust: 0.8

sources: JVNDB: JVNDB-2020-007640 // NVD: CVE-2020-6280

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-6280
value: LOW

Trust: 1.0

NVD: JVNDB-2020-007640
value: LOW

Trust: 0.8

CNNVD: CNNVD-202007-788
value: LOW

Trust: 0.6

NVD: CVE-2020-6280
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-007640
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD: CVE-2020-6280
baseSeverity: LOW
baseScore: 2.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-007640
baseSeverity: LOW
baseScore: 2.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-007640 // CNNVD: CNNVD-202007-788 // NVD: CVE-2020-6280

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2020-007640 // NVD: CVE-2020-6280

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-788

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202007-788

CONFIGURATIONS

sources: NVD: CVE-2020-6280

PATCH

title:SAP Security Patch Day - July 2020url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=552599675

Trust: 0.8

title:SAP NetWeaver AS ABAP and ABAP Platform Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=124653

Trust: 0.6

sources: JVNDB: JVNDB-2020-007640 // CNNVD: CNNVD-202007-788

EXTERNAL IDS

db:NVDid:CVE-2020-6280

Trust: 2.4

db:JVNDBid:JVNDB-2020-007640

Trust: 0.8

db:CNNVDid:CNNVD-202007-788

Trust: 0.6

sources: JVNDB: JVNDB-2020-007640 // CNNVD: CNNVD-202007-788 // NVD: CVE-2020-6280

REFERENCES

url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=552599675

Trust: 1.6

url:https://launchpad.support.sap.com/#/notes/2927373

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-6280

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6280

Trust: 0.8

url:https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-july-2020-32835

Trust: 0.6

sources: JVNDB: JVNDB-2020-007640 // CNNVD: CNNVD-202007-788 // NVD: CVE-2020-6280

SOURCES

db:JVNDBid:JVNDB-2020-007640
db:CNNVDid:CNNVD-202007-788
db:NVDid:CVE-2020-6280

LAST UPDATE DATE

2022-05-04T09:28:03.312000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2020-007640date:2020-08-19T00:00:00
db:CNNVDid:CNNVD-202007-788date:2020-07-21T00:00:00
db:NVDid:CVE-2020-6280date:2021-07-21T11:39:00

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2020-007640date:2020-08-19T00:00:00
db:CNNVDid:CNNVD-202007-788date:2020-07-14T00:00:00
db:NVDid:CVE-2020-6280date:2020-07-14T13:15:00